Bug in Radius NAS IP Attribute

  • I use pfsense with an external RADIUS Server and pfsense in CARP mode. Therefore I want to use the virtual CARP IP address to identify my NAS to radius server. The section box "RADIUS NAS IP" on service page captiveportal lists ths virtual adresses. If I select the virtual adress instead of a physical interface address then

    • the selection box shows the first entry (WAN) on the reloaded page but in config.xml the IP address is correct

    • the request to radius server uses the physical IP adress as nas host ip instead of the selected virtual address. So client.conf must have the phyiscal address. For me it's even worse because my radius serve is in another sub segment of another interface than captive portal.

    Example: Captiveportal is on OPT7 (phys. and virtual; my radius server is on ip (in segment –> client.conf must be otherwise the request is rejected as unkown host. The calling station id is correct what i have selected in NAS IP.

    Why is pfsense not using the selected NAS IP address as sending host address?

    This important for

    • making CARP transparent for RADIUS (users keeps logged in otherwise there are a lot open accounting records)
    • to configure one NAS only instead of two
    • calling station id is the same than the calling host

    What can i do?

Log in to reply